So I just got back from a two day trip to Washington, DC.
As a result I am now reading, well skimming, the
DRAFT Recommended Security Controls for Federal Information Systems and Organizations.

NIST announces the release of the Initial Public Draft (IPD) of Special
Publication 800-53, Revision 3, Recommended Security Controls for Federal
Information Systems and Organizations. This is the first major update of
Special Publication 800-53 since its initial publication in December 2005.
We have received excellent feedback from our customers during the past
three years and have taken this opportunity to provide significant
improvements to the security control catalog. In addition, the changing
threat environment and growing sophistication of cyber attacks necessitated
specific changes to the allocation of security controls and control
enhancements in the low-impact, moderate-impact, and high-impact baselines.
We also continue to work closely with the Department of Defense and the
Office of the Director of National Intelligence under the auspices of the
Committee on National Security Systems on the harmonization of security
control specifications across the federal government. And lastly, we have
added new security controls to address organization-wide security programs
and introduced the concept of a security program plan to capture security
program management requirements for organizations. The privacy-related
material, originally scheduled to be included in Special Publication
800-53, Revision 3, will undergo a separate public review process in the
near future and be incorporated into this publication, when completed.